New Ransomware Called Browlock

Friday, August 16, 2013 @ 04:08 PM gHale

There is a new ransomware family in town called Browlock, which spreads by tricking users into believing the police are after them.

There have been infections on machines in the United States, Canada and the UK, said researchers from F-Secure. On top of that, other countries are now experiencing attacks. F-Secure traced the attacks to a server in St. Petersburg, Russia.

If users end up on a compromised site hosting the scam or click on a malicious ad, their screen becomes locked, and a message ends up displayed. The messages look like like they come from federal authorities in the victim’s home country or region, including the European Cybercrime Centre and the Royal Canadian Mounted Police.

Users get a message saying they have violated the law because either they have committed copyright infringement, viewed or distributed child pornography, or unknowingly allowed access to their computer to install malware. The message will go on to say to unlock their computer and avoid prosecution, they must pay a fine of, in one case, up to $310, through an online payment site.

“This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab,” F-Secure Labs researchers wrote in a blog post.

The FBI said criminals profit roughly $150 million annually through the schemes.

As a warning, users should keep their antivirus technology up to date and to never pay any one of these fines. Removing ransomware is usually possible with the help of a security solution, but oftentimes the process may require restoration of the operating system, which could result in the loss of documents or applications.